Method and apparatus for coordinating a change in service provider between a client and a server

ABSTRACT

A method of configuring a network access device having a first network address allocated to a subscriber of services of a first service provider provided by a first service network, with a new network address allocated to a subscriber of services of a second service provider provided by a second service network, wherein the network access device is connected to an access network connected to a plurality of service networks. The method comprises the steps of: sending a request from the network access device to the access network requesting a change to a second service provider; receiving a response from the access network; and initiating a network address change request using a configuration protocol. In this manner, a second network address allocated to the subscriber of services of the second service provider is assigned to the network access device to enable the network access device to communicate data packets to the service network providing the selected service. In one preferred embodiment of the invention, the subscriber is authenticated by a service activation system coupled to the access network prior to initiating the configuration protocol. Accordingly, the request to the access network includes an authentication request for the subscriber. The response received from the access network therefore includes an authentication status for the subscriber from the second service provider. If the subscriber is authenticated, the client initiates the network address change request.

FIELD OF THE INVENTION

[0001] The present invention relates generally to communication networkservices, and, more particularly, to a method for enabling a client tochange between service providers in a broadband communications network.

BACKGROUND

[0002] Customers of communication network services often desire accessto a plurality of different services and different service providers.For example, when using a dial-up connection to a packet-switched datanetwork such as the Internet, a customer can choose from multipleservice providers by dialing different telephone numbers in the PSTN.The physical path from the customer to the customer's Internet ServiceProvider (ISP) is dedicated to the connection for the duration of thetelephone call. The ISP assigns an IP address to the customer and canlink the authenticated customer and the assigned IP address to thephysical address (e.g. dial-up modem) used by the customer. With thislinkage, the ISP can ensure the customer only uses the addressauthorized by the ISP and can use the customer's IP address to manageaccess to the ISP's services. Both the physical connection between acustomer and the ISP, and the linkage to IP address assignment andcustomer authentication are terminated when the dial-up connection isterminated.

[0003] Constrained by the physical capacity of these temporaryconnections across the PSTN, many service providers are moving tohigh-speed access architectures (e.g., digital subscriber line (DSL),wireless, satellite, or cable) that provide dedicated physicalconnectivity directly to the subscriber and under the control of theISP. These alternatives to shared access through the switched telephonenetwork, however, do not lend themselves to shared access by multipleservices and/or service providers.

SUMMARY OF THE INVENTION

[0004] The present invention provides in an illustrative embodiment, amethod of configuring a network access device having a first networkaddress allocated to a subscriber of services of a first serviceprovider provided by a first service network, with a new network addressallocated to a subscriber of services of a second service providerprovided by a second service network, wherein the network access deviceis connected to an access network connected to a plurality of servicenetworks. The method comprises the steps of: sending a request from thenetwork access device to the access network requesting a change to asecond service provider; receiving a response from the access network;and initiating a network address change request using a configurationprotocol. In this manner, a second network address allocated to thesubscriber of services of the second service provider is assigned to thenetwork access device to enable the network access device to communicatedata packets to the service network providing the selected service.

[0005] In one preferred embodiment of the invention, the subscriber isauthenticated by a service activation system coupled to the accessnetwork prior to initiating the configuration protocol. Accordingly, therequest to the access network includes an authentication request for thesubscriber. The response received from the access network thereforeincludes an authentication status for the subscriber from the secondservice provider. If the subscriber is authenticated, the clientinitiates the network address change request.

[0006] These and other advantages of the invention will be apparent tothose of ordinary skill in the art by reference to the followingdetailed description and the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0007]FIG. 1 illustrates an interconnection of packet-switched servicenetworks and an access network embodying principles of the invention.

[0008]FIG. 2A and FIG. 2B is conceptual representation of an exemplaryembodiment illustrating principles of the invention based on an HFCaccess architecture with corresponding end-to-end protocol layers.

[0009]FIG. 3 is a diagram of a browser user interface showing theservice provider manager function of the client software;

[0010]FIG. 4 is a conceptual representation of a DHCP message exchangedbetween the network access device and a DHCP server;

[0011]FIG. 5 is a timeline diagram of messages exchanged in theassignment of a network address associated with a particular service toa network access device, in accordance with a preferred embodiment ofanother aspect of the invention;

[0012]FIG. 6 is timeline diagram of messages exchanged in the assignmentof a network address associated with a particular service to a networkaccess device, in accordance with a preferred embodiment of anotheraspect of the invention; and

[0013]FIG. 7 is a flowchart of the actions of the service client inaccordance with an embodiment of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

[0014] In FIG. 1, a plurality of subscribers operating network accessdevices 101, 102, 103, . . . 104 are provided access to communicationnetwork services, which are facilitated by a plurality ofpacket-switched data networks, shown in FIG. 1 as 151 and 152.Packet-switched data networks 151 and 152, referred to herein as“service networks,” offer access to different services and/or areoperated by different service providers. For example, service network151 could provide packet-switched connectivity to public data networkswhile service network 152 could offer packet-switched telephony service(or the same public data network connectivity, but from a differentservice provider). The service networks, as is well known in the art,utilize a network addressing scheme to route datagrams to and fromhosts: for example, where the service networks utilize the TCP/IPprotocol suite, Internet Protocol (IP) addresses are assigned to eachhost and utilized in the process of routing packets from a source to adestination in the networks. See, e.g., “INTERNET PROTOCOL,” IETFNetwork Working Group, RFC 791 (September 1981); S. Deering, R. Hinden,“Internet Protocol, Version 6 (IPv6) Specification,” IETF NetworkWorking Group, RFC 1883 (December 1995), which are incorporated byreference herein. The invention shall be described herein withparticular reference to the TCP/IP protocol suite and IP addresses,although those skilled in the art would readily be able to implement theinvention using any of a number of different communication protocols.

[0015] The network access devices 101 . . . 104 are typically customerpremises equipment (CPE) such as a personal computer, informationappliance, personal data assistant, data-enabled wireless handset, orany other type of device capable of accessing information through apacket-switched data network. Each network access device 101 . . . 104is either connected to or integrated with a network interface unit 111 .. . 114, e.g. a modem, which enables communication through an accessnetwork infrastructure, shown as 120 in FIG. 1. Each network accessdevice is assigned an IP address, which, in accordance with an aspect ofthe invention, is associated with a particular service or serviceprovider to which the user of the device is subscribed. For example,network access device 101 is assumed to have been assigned, for purposesof the description herein, an IP address associated with a serviceprovider operating service network 151. As further described herein, itis advantageous to provide a service activation system 160 whichadvantageously permits the dynamic allocation, assignment, andreassignment of IP addresses to the plurality of network access devicesbased on customer subscriptions to particular services.

[0016] The network access device 101 communicates with the servicenetwork 151 through the access network infrastructure 120, which, inaccordance with aspects of the invention, is capable of recognizing anddirecting traffic to the proper service network. The access networkinfrastructure 120 advantageously can be operated and maintained by anentity that is the same as or different from the entities operating andmaintaining the service networks 151 and 152. In accordance with anembodiment of an aspect of the present invention, the different IP-basedservices offered by the different service networks 151 and 152 utilizeshared layer one and layer two resources in the access network 120.Layer three routing procedures, however, are modified to permit IPtraffic from network access device 101 to flow to the correct subscribedservice network 151. The access network 120 has a router 130 on the edgeof the access network. The router 130 has a first interface with aconnection to a router 141 in service network 151 and a second interfacewith a connection to a router 142 in service network 152. As furtherdescribed herein, the router processes packets and is capable ofdirecting traffic to the proper service network.

[0017]FIG. 2A shows an exemplary access architecture based on a hybridfiber coaxial (HFC) access network. As is known in the art, each networkinterface device 201 . . . 202 is either connected to or integrated witha cable modem 211 which enables communication through the HFC network221. In accordance with the Data Over Cable Service InterfaceSpecification (DOCSIS), a Cable Modem Termination System (CMTS), shownas 225 in FIG. 2A, communicates with the cable modems 211 and managesaccess to both upstream and downstream cable capacity on the HFCnetworks 221. See, e.g., “Data-Over-Cable Service InterfaceSpecifications: Cable Modem Termination System—Network Side InterfaceSpecification,” Cable Television Laboratories, Inc.,SP-CMTS-NSI-I01-960702; “Data-Over-Cable Service InterfaceSpecifications: Cable Modem to Customer Premise Equipment InterfaceSpecification,” Cable Television Laboratories, Inc.,SP-CMCI-C02C-991015; “Data-Over-Cable Service Interface Specifications:Baseline Privacy Plus Interface Specifications,” Cable TelevisionLaboratories, Inc., SP-BPI+-I06-001215, which are incorporated byreference herein. The CMTS 225 manages the scheduling of both upstreamand downstream transmission and allocates cable capacity to individualcustomers identified by a Service IDs (SIDs). The CMTS 225 can have anintegrated router 228 or can be a separate device 226 that bridges to afast Ethernet switch 227 which connects to the router 228. The IP router228 provides connectivity to an IP network 222, which further comprisesthe router 230 (corresponding to router 130 in FIG. 1) which interfacesto IP routers 241 and 242 in service networks 251 and 252, respectively.Accordingly, the HFC network 221, the CMTS 225, and the IP network 222correspond to the access network infrastructure 120 shown in FIG. 1.FIG. 2B shows a conceptual diagram of the end-to-end communicationprotocol stack from a network access device 201 (101) to a router 241(141) in service provider's network 251 (151). As is known in the art,the lowest layer deals with the physical layer (PL) of the protocolstack, e.g. the Ethernet physical media device (PMD) layer; the secondlayer deals with the data link layer, e.g. the Ethernet Media AccessControl (MAC) layer; which the third layer in the protocol stack dealswith the network layer, e.g. the IP layer.

[0018] Router 130 in the access network 120 in FIG. 1 (corresponding toIP router 230 in FIG. 2) separates the IP traffic to/from the multipleservices or service providers as well as combines traffic from themultiple service or service providers. In accordance with an aspect ofthe invention, IP packets are routed from network access device 101 tothe subscribed service network 151 using source address-based policyrouting. Conventional routing is destination-based: the router consultsan internal routing table which maps the destination addresses of allinbound packets to a physical interface address for use for outgoingpackets. Policy routing schemes, however, will selectively choosedifferent paths for different packets even where the packet'sdestination address may be the same. Since network access devices areassigned addresses associated with a particular network serviceprovider, the source address based policy routing scheme ensures packetsfrom a network access device will go to the appropriate service network.Generally, the router receives an incoming packet, reads the packetheader and retrieves the packet filtering rules, typically stored in anaccess list. The router then applies the packet filtering rules, andcompares the source IP address in the packet header to a list ofaddresses allocated to subcribers to a first service provider, e.g.operating service network 151 in FIG. 1. If the source address matchesone of these addresses, then the router forwards the packet to a routerin service network 151, e.g. router 141 in FIG. 1. The router comparesthe source IP address in the packet header to a list of addressesallocated to subscribers of a second service provider, e.g. operatingservice network 152 in FIG. 1. If the source IP address matches one ofthese addresses, then the router forwards the packet to a router inservice network 152, e.g. router 142 in FIG. 1. The router continues inthis fashion with any other packet filtering rules identifying IPaddresses allocated to subscribers of any other service providers.Assuming the IP source address does not match any such addressesassociated with a service provider, the router applies any remainingpacket filtering rules and routes or denies the packet accordingly.

[0019] The network access device (or “client”) 101 includes, in anexemplary embodiment as a personal computer, a processing unit, memory,and a bus that interfaces the memory with the processing unit. Thecomputer memory includes conventional read only memory (ROM) and randomaccess memory (RAM). An input/output system (BIOS) contains the basicroutines that help to transfer information between elements within thenetwork access device 101 such as, for example, during start up. Theseare stored in the ROM. The network access device 101 may further includea hard disk drive, a magnetic disk (e.g., floppy disk) drive, and anoptical disk drive (e.g., CD-ROM) in a conventional arrangement. Thehard disk drive, magnetic disk drive and optical disk drive are coupledto the bus by suitable respective interfaces. The drives and associatedcomputer-readable media provide nonvolatile storage for the networkaccess device 101. The network interface unit 111 (211) as depicted inFIGS. 1 and 2 is coupled to an appropriate network interfacecommunicating with the system bus.

[0020] Client software residing in the computer memory associated withany particular network access device 101 . . . 104 may provide a userinterface for accessing several different communication network servicesat different times and in different browsing sessions. For example,browser software running on network access device 101 (FIG. 1) may serveas a user interface for accessing both service network 151 and servicenetwork 152.

[0021] An illustrative browser user interface 790 generated by softwarerunning on the client is depicted in FIG. 3. The browser user interface790 includes an HTML display area 791, and a windows-type border areaincluding a function bar 792 having a plurality of buttons 793. Abranding region 794 is provided in the border area for displaying brandindicia 795 as described copending application entitled “Method andApparatus for Dynamically Displaying Brand Information In a UserInterface,” assigned to a common assignee and filed concurrentlyherewith. The branding region may be located in the border 792 as shown,or may be located elsewhere in the border area of the browser. The brandindicia 795 displayed in the branding region 794 consists of informationretrieved by the network access device from a branding data server (notshown).

[0022] The browser user interface 790 provides a graphical userinterface (GUI) and includes a service provider manager function ormodule that enables the user to switch between service providers (e.g.,associated with networks 151, 152). The service provider managerfunction is enabled by selecting the appropriate button or control onthe menu bar 792. This may be explicitly presented on a particularbutton 793 or such function can be part of a selection on a drop-downmenu. The service provider management function of the client softwarepermits the user to select a service provider from a list of subscribedservice providers. In the embodiment depicted in FIG. 3, the serviceprovider manager function has been selected by the user and a window 720is generated that contains a plurality of choices, e.g., SERVICEPROVIDER-1, SERVICE PROVIDER-2, SERVICE PROVIDER-3, and SERVICEPROVIDER-4 (hereinafter described as svc-1, svc-2, etc). Usercredentials for each service provider may be cached within the clientmemory. The service provider manager can also offer to add new serviceproviders in accordance with the user's selection, and updateinformation may be downloaded as is well known in the art. As describedherein, a subscriber to svc-1 has an IP address currently allocated tosvc-1, and desires to change to svc-2. The process for effectuating thischange will be described in more detail below.

[0023] It is advantageous to enable the IP addresses—which ultimatelydetermine the service network utilized by the particular network accessdevice—to be allocated and reassigned dynamically. With reference toFIG. 1, a service activation system 160 is shown which further comprisesa configuration server 161 and a registration server 162 connected tothe access network infrastructure 120. The registration server 162provides a network-based subscription/authorization process for thevarious services shared on the access network infrastructure 120. Acustomer desiring to subscribe to a new service can access and provideregistration information to the registration server 162, e.g. by usingHTML forms and the Hyper Text Transfer Protocol (HTTP) as is known inthe art. Upon successful service subscription, the registration server162 updates a customer registration database 163 which associates thecustomer information including the customer's hardware address (e.g.,the MAC address of the network access device 101) with the subscribedservice.

[0024] The configuration server 161 uses the registration information toactivate the service. The configuration server 161 is responsible forallocating network addresses on behalf of the service networks from anetwork address space associated with the selected service. In apreferred embodiment of this aspect of the invention, the configurationserver 161 uses a host configuration protocol such as the Dynamic HostConfiguration Protocol (DHCP) to configure the network addresses of thenetwork access devices. See R. Droms, “Dynamic Host ConfigurationProtocol,” IETF Network Working Group, RFC 2131 (March 1997); S.Alexander, R. Droms, “DHCP Options and BOOTP Vendor Extensions,” IETFNetwork Working Group, RFC 2132 (March 1997); which are incorporated byreference herein. This aspect of the invention shall be described hereinwith particular reference to DHCP, and the configuration server 161shall be referred to herein as the DHCP server, although those skilledin the art would readily be able to implement this aspect of theinvention using a different protocol.

[0025] Referring now to FIG. 4, an exemplary format for a DHCP messageis shown generally at 800. The message 800 comprises an xid field 801,ciaddr field 802, yiaddr field 805, siaddr field 806, giaddr field 807,chaddr field 808, and an options field 810 including a message typesub-field 815 and svc-id 820. Each DHCP message is characterized bytype, such as DHCPDISCOVER, DHCPOFFER, DHCPREQUEST OR DHCPACK. The typeof each DHCP message is encoded into options field 810. Each DHCPmessage 800 is set to indicate whether it is being communicated from aclient 101 or the DHCP server (part of the network administrationsystem) 121. The message identification is implemented by setting the opfield to BOOTREQUEST or BOOTREPLY, to respectively indicate the originof the message. The IP address is contained in the yiaddr field 805. Thechadddr field 808 contains the MAC address of the client 101.

[0026] Referring now to FIG. 5, there is shown an embodiment where thesubscriber registers the service selection with the registration serverwhich temporarily establishes the association between the network accessdevice's hardware address (e.g. the MAC address of the device) and thechosen service selection. The configuration server then uses the MACaddress of the network access device to assign an IP address from theproper address space. FIG. 5 is a simplified timeline diagram of DHCPmessages exchanged, in accordance with such an embodiment. At 500, thenetwork access device 501 registers a service selection with theregistration server 503. The client 501 sends a “SET ISP” message to theregistration server 503. It is assumed that the subscriber has passedthe proper authentication procedures for the particular serviceselected, either beforehand (e.g. through transactions directly with theservice provider's network) or in the same session with the registrationserver. At 505 the registration server 503 stores the selected serviceand associates the service selection with the hardware device address(MAC address) of the network access device 501. It is advantageous forthe DHCP server 502 to set a client class to the selected serviceprovider with an “AUTHENTICATE UNTIL” option set to 10 minutes, to avoidassignment of the service-related IP address to another device. Theregistration server 503 sends an acknowledgment 506 to the networkaccess device 501. After receiving the acknowledgment from theregistration server 503, the network access device 501 releases anypre-existing address assignment by issuing a DHCPRELEASE message at 507.At 508, the network access device issues a standard DHCPDISCOVERmessage. The DHCP server 502 receives the DHCPDISCOVER message and, at509, allocates an IP address from the pool of address associated withthe particular service associated with the device's MAC address. TheDHCP server 502 should check to see whether the current client set toISP “AUTHENTICATE UNTIL” has not expired. At 510, the DHCP server 502sends a DHCPOFFER message that includes the IP address in a field in theDHCP message. At 511, the network access device 501 receives theDHCPOFFER and sends out a DHCPREQUEST back to the DHCP server 502. At512, the DHCP server 502 commits to assigning the IP address to thenetwork access device 501, commits the binding to persistent storage,and transmits a DHCPACK message containing the configuration parametersfor the device. If the DHCP server is unable to satisfy the DHCPREQUESTmessage, the server responds with a DHCPNAK message.

[0027] It is preferable that the DHCP servers and clients use somemutual authentication mechanism to restrict address assignment toauthorized hosts and to prevent clients from accepting addresses frominvalid DHCP servers. For example, the “delayed authentication” schemedescribed in R. Droms, W. Arbaugh, “Authentication for DHCP Messages,”IETF Network Working Group, Internet Draft,<draft-ietf-dhc-authentication-_.txt>; or the Kerberos-basedauthentication mechanism described in K. Hornstein, T. Lemon, B. Aboba,J. Trostle, “DHCP Authentication via Kerberos V,” IETF Network WorkingGroup, Internet Draft, <draft-hornstein-dhc-kerbauth-_>; which areincorporated by reference herein. The “delayed authentication” mechanismsupports mutual authentication of DHCP clients and servers based on ashared secret, which may be provisioned using out-of-band mechanisms. Onthe other hand, the Kerberos-based mechanisms are very well suited forinter-realm authentication, thereby supporting client mobility, i.e. anetwork access device could connect to a particular access networkinfrastructure without any prior registration with the access network.Each service network provider could securely authenticate the networkaccess device accessing the service network from another network“realm,” e.g. the access network infrastructure.

[0028] The operator of the relevant service network, e.g. servicenetwork 152 in FIG. 1, may desire to maintain a separate registrationserver, e.g. server 155 in FIG. 1, and to retain responsibility for userauthentication and authorization. The service activation system 160 canprovide a proxy server configured to permit HTTP traffic only betweenlocal hosts and registration server 155 in service network 152. Theservice provider operating service network 152 would then be responsiblefor providing the appropriate registration information required forproper service selection to the service activation system 160. In thisevent, the service provider would also be responsible for notifying theservice activation system 160 when service should be discontinued to theparticular user. Alternatively, the DHCP server 161 in the serviceactivation system 160 can interact with the registration server 155using a back-end authentication protocol, e.g. the Remote AuthenticationDial In User Service (RADIUS). See C. Rigney, A. Rubens, W. Simpson, S.Willens, “Remote Authentication Dial In User Service (RADIUS),” IETFNetwork Working Group, RFC 2058 (January 1997), which is incorporated byreference herein. The DHCP server can contain a RADIUS client and,thereby, leverage the large RADIUS embedded base used for dial accessauthentication. FIG. 7 illustrates this embodiment of this aspect of theinvention in a flowchart corresponding to the flowchart shown in FIG. 5.At 903, the DHCP server 920 generates a random challenge and includesthe challenge along with the allocated IP address in the DHCPOFFERmessage. The DHCP client 910 generates a response to the challenge byencrypting the challenge with a key that is derived from thesubscriber's authentication information. At 904, the client 910 includesthe challenge, response, and IP address in the DHCPREQUEST message. TheDHCP server 920 forwards both the challenge and response in aRADIUS_ACCESS_REQ message to a RADIUS server 930 in the selected servicenetwork. The RADIUS server 930 either accepts or rejects the RADIUSrequest and responds accordingly at 906. If the RADIUS request isaccepted, the DHCP server 920 sends a DHCPACK message at 907 and theclient 910 enters a bound state. If the RADIUS request is rejected, theDHCP server 920 sends a DHCPNACK message which informs the client 910that the IP address that was allocated has been withdrawn.

[0029]FIG. 7 is a flowchart depicting the actions of the service clientin accordance with an embodiment of the invention. The subscriber islogged into a profile with a working service provider's IP address,e.g., the address allocated to the user of svc-1 (151). Within a currentlogin session, the subscriber desires to change from the active serviceprovider—svc-1 (151) to another subscribed service provider, svc-2(152). In accordance with a preferred embodiment of the presentinvention, the subscriber makes the request using the service providermanager function of the client, which will initiate a series of steps toeffect a change in the IP address for network access device 101. At step301, the user accesses the service provider manager function of theclient shown generally at 720 in FIG. 3. As discussed above, the serviceprovider manager function enables the user to select a service providerfrom a stored list of service providers in the client. In theillustrative embodiment, the user is currently using active serviceprovider svc-1 and desires to change to service provider svc-2. At step302, the client 101 fetches the current account configuration data fromthe service activation system 160 over the access network and checkswhether the stored list of subscribed service providers is current. Anychanges can be reconciled before displaying the selection of serviceproviders to the user. The service activation system 160 is describedabove and can utilize user credentials, either explicitly requested orcached automatically, to authorize the fetching of account configurationdata. If the cached credentials on the client are invalid, the attemptto update the list of configured service providers may be refused andthe user alerted that the credentials need to be updated. A specializedaccount restoration procedure can be utilized by a properly-authorizedadministrative user to update the cached credentials. Alternatively, theuser may ignore the message and continue using the old list ofconfigured service providers. These options may be displayed by theclient software in a manner analogous to what is commonly utilized in adial-up connection using text-based or graphical controls. At step 303,the user selects an option within the service provider manager functionto switch to the new service provider (svc-2). If the second serviceprovider is not configured, then the service provider manager function720 of the client can offer to add the new service provider. The clientcan be configured to automatically connect to the service activationsystem 160 and enable the user to interact with a service providermanagement feature in the service activation system 160 as well as anynecessary service provider-specific registration sites. After receivingthe proper configuration data and any service provider accesscredentials, if required by the service provider, the client can returnback to step 303 in FIG. 7. At step 304, the client displays a warningwith respect to switching between service providers while networkapplications are running. The user can then choose to either continue orcancel the operation. If the user chooses to cancel, then, at step 305,the current service provider association remains in effect and theclient service provider manager function ends.

[0030] If the user chooses to continue, the client signals the serviceactivation system 160 at step 306 for a service provider change andprovides the access device's (111 ) physical address information, suchas a MAC address as discussed above. The client will also send thesubscriber's credentials, in one exemplary embodiment, to enable theservice activation system to authenticate the subscriber. The serviceactivation system (registration server 162) will check the subscriber'scredentials and credit information utilizing a network-basedsubscription/authorization process for the various services shared onthe access network infrastructure. At step 307, the client receivesconfirmation from the service activation system 160 that the change tothe new service provider is authorized. If the authorization fails, theservice activation system 160 returns an error message to the client,the existing service provider association remains in effect, and theclient service provider manager function ends. If authorization toswitch to the new service provider has succeeded, at step 308, theclient sends a message to a local DHCP process (controlled by networkapplication software in the client or on a networked system) requestingthat it release and renew the IP address of the access device 101 inaccordance with the methodology described above and illustrated in FIG.5. In this manner, a new IP address is assigned to the access devicefrom the selected service provider. At step 309, the client can updatethe browser interface 790 to reflect the settings specific to the activeservice provider (e.g., svc-2).

[0031] The present invention has been shown in what are considered to bethe most preferred and practical embodiments. It is anticipated,however, that departures may be made therefrom and that obviousmodifications may be implemented by persons skilled in the art.

What is claimed is:
 1. A method of configuring a network access devicehaving a first network address allocated to a subscriber of services ofa first service provider provided by a first service network, with a newnetwork address allocated to a subscriber of services of a secondservice provider provided by a second service network, wherein thenetwork access device is connected to an access network connected to aplurality of service networks, comprising the steps of: sending arequest from the network access device to the access network requestinga change to a second service provider; receiving a response from theaccess network; and initiating a network address change request using aconfiguration protocol, whereby, a second network address allocated tothe subscriber of services of the second service provider is assigned tothe network access device, the second network address being utilized bythe network access device to communicate data packets to the servicenetwork providing the selected service.
 2. The method recited in claim 1, wherein said request to said access network includes an authenticationrequest for the subscriber.
 3. The method recited in claim 2 , whereinsaid response received from said access network includes anauthentication status for the subscriber from the second serviceprovider and, if authenticated, initiating said network address changerequest.
 4. The method recited in claim 1 , wherein the hostconfiguration protocol is a dynamic host configuration protocol (DHCP).5. The method recited in claim 1 , wherein the network access devicereceives an Internet Protocol address.
 6. The method recited in claim 5, wherein the network access device displays a plurality of serviceprovider choices and enables a subscriber to select a service providerfrom among said choices over the access network.
 7. A method ofconfiguring a network access device having a first network addressallocated to a subscriber of services of a first service providerprovided by a first service network, with a new network addressallocated to a subscriber of services of a second service providerprovided by a second service network, wherein the network access isconnected to an access network connected to a plurality of servicenetworks, comprising the steps of: sending a request from the networkaccess device to the access network requesting a change to a secondservice provider; receiving a response from the access network; andinitiating a network address change request using a DHCP configurationprotocol, whereby a second network address allocated to the subscriberof services of the second service provider is assigned to the networkaccess device, the second network address being utilized by the networkaccess device to communicate data packets to the service networkproviding the selected service.
 8. A method of configuring a networkaccess device to obtain a network address allocated to a subscriber ofservices of a selected service provider provided by a service network ofthe selected service provider, wherein the network access device isconnected to an access network connected to a plurality of servicenetworks, comprising the steps of: sending a request from the networkaccess device to the access network requesting a change to the selectedservice provider, wherein said request includes an authenticationrequest for the subscriber; receiving a response from the accessnetwork, wherein said response includes an authentication status for thesubscriber; and if the subscriber is authenticated, initiating a networkaddress change request using a configuration protocol, whereby a networkaddress allocated to the subscriber of the selected service provider isassigned to the network access device, the network address beingutilized by the network access device to communicate data packets to theservice network providing the selected service.
 9. The method recited inclaim 8 , wherein the host configuration protocol is a dynamic hostconfiguration protocol (DHCP).
 10. The method recited in claim 9 ,wherein the network access device receives an Internet Protocol address.11. A method of configuring a network access device having a firstnetwork address allocated to a subscriber of services of a first serviceprovider provided by a first service network, with a new network addressallocated to a subscriber of services of a second service providerprovided by a second service network, wherein the network access deviceis connected to an access network communicating with a serviceactivation system and connected to a plurality of service networks,comprising the steps of: sending authentication information for thesecond service provider to the service activation system over the accessnetwork; receiving an authentication status from the service activationsystem and, if authenticated; initiating a network address changerequest using a configuration protocol, whereby a network addressallocated to the subscriber of the selected service provider is assignedto the network access device, the network address being utilized by thenetwork access device to communicate data packets to the service networkproviding the selected service.
 12. A method of configuring a networkaccess device having a first network address allocated to a subscriberof services of a first service provider provided by a first servicenetwork, with a new network address allocated to a subscriber ofservices of a second service provider provided by a second servicenetwork, wherein the network access device is connected to an accessnetwork communicating with a service activation system and connected toa plurality of service networks, comprising the steps of: sendingauthentication information for the second service provider to theservice activation system over the access network; receiving anauthentication status from the service activation system and, ifauthenticated; initiating a network address change request using adynamic host configuration protocol (DHCP), whereby a network addressallocated to the subscriber of the selected service provider is assignedto the network access device, the network address being utilized by thenetwork access device to communicate data packets to the service networkproviding the selected service.